Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 07 Feb 2012 13:38:59 +0100
From:      kron <>
Subject:   Re: on hammer's, security, and centrifuges...
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On 2012/02/07 13:03, Henry Olyer wrote:
> So I was coding along...
> On my laptop, on session #1, and I get a notice that someone did an su.
>   Except I'm the only user and I didn't have an ethernet cord connected.
>   (And no, it wasn't me...)
> I just built this laptop a few days ago.  Fresh.  I did have to get on the
> net to download/make/install a few critical packages.  I do development.
>   And research.
> My guess, not one shred of evidence, is that someone got in while I was
> re-building packages.  Some, (for example Maxima,) take hours.  And because
> of problems with gnuplot and pdflib, won't build as packages without
> re-compilation.

signed packages etc are valid and desirable features but
i consider them as the next step after basic work which is
on you

i would start with the following:

- was the "su" really a sign o breach? i mean not some
   your maintenance batch in background/cron/...

- if yes what about weak ssh passwords? you may consider
   pki-based authentication then

anyway, once compromised, you should rebuild tainted
systems from scratch, sorry :-(

wrt signed packaged i think there's some support in pkgng
but no personal experience yet


Want to link to this message? Use this URL: <>